MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d74d317525370d236775019f2ae386c688f7200500eead8553ef0d23116d75c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d74d317525370d236775019f2ae386c688f7200500eead8553ef0d23116d75c0
SHA3-384 hash: fa5e5850b4f47f104bee79178dd84e31742167de5871ddb4c9275ee652811acc17a99d0bed168e40e7f6ebe55c423ac4
SHA1 hash: bc205ba1d86ba1ffcfc1d86b3c3af3b7b4a226b1
MD5 hash: b792b3bb751fee5ea9e20fe79d117e38
humanhash: twelve-angel-nineteen-hawaii
File name: zeus 1_1.2.1.1.vir
Signature: n/a
File size: 731'136 bytes
First seen: 2020-07-19 19:32:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e97bb7403b11460b79ed4417909df666
ssdeep: 12288:mA/OVBgqIKTy21avqVc6wurJNvcLc2kwTA0EQi1MF7o8ItdZAPpwEnrpW7R:mAGV2c1avqV9NppvZNgy8ItdyP+CruR
TLSH: 70F4236D508BD3ADCA9CC433DBEC9ADF1A13211DA1E28F18B17C4D9801D1BCD2DAE955
Reporter: @tildedennis
Tags: zeus 1


Twitter (@tildedennis): zeus 1 version 1.2.1.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 19
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Spyware.Zbot
Status: Malicious
First seen: 2015-07-28 05:38:00 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 2/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Modifies WinLogon for persistence
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments